D4
/
sensor-d4-tls-fingerprinting
mirror of https://github.com/D4-project/sensor-d4-tls-fingerprinting
2
0
Fork 0
Code Issues Releases Wiki Activity
Extract TLS certificates from pcap files or network interfaces, fingerprint TLS client/server interactions with ja3/ja3s
12 Commits
2 Branches
2 Tags
141 KiB
Go 99.8%
Makefile 0.2%
 
 
Go to file
Jean-Louis Huynen 89c4324077 Some tests on etls + minor changes on d4tls 2019-02-05 15:40:22 +01:00
d4tls Some tests on etls + minor changes on d4tls 2019-02-05 15:40:22 +01:00
etls Some tests on etls + minor changes on d4tls 2019-02-05 15:40:22 +01:00
.gitignore initial PoC 2019-01-23 14:41:30 +01:00
LICENSE Initial commit 2019-01-23 13:57:01 +01:00
Makefile Adds Makefile, simpler concurrency 2019-01-29 16:06:23 +01:00
README.md Adds basic tlsh support 2019-02-04 09:02:57 +01:00
d4-tlsf.go refacto 2019-02-04 16:26:34 +01:00

README.md

sensor-d4-tls-fingerprinting

Extracts TLS certificates from pcap files or network interfaces (tcpreassembly is done thanks to gopacket), fingerprints TLS client/server interactions with ja3/ja3s and print output in JSON form.

Use

This project is currently in its very early stage and should not be used in production. Check the list of issues.

Install dependencies & go get

$go get github.com/google/gopacket
$go get github.com/glaslos/tlsh 
$go get github.com/D4-project/sensor-d4-tls-fingerprinting

make allows to compile for amd64 and arm ATM.

How to use

Read from pcap:

$ ./d4-tlsf-amd64l -r=file

Read from interface (promiscious mode):

$ ./d4-tlsf-amd64l -i=interface

Write x509 certificates to folder:

$ ./d4-tlsf-amd64l -w=folderName

Write output json inside folder

$ ./d4-tlsf-amd64l -j=folderName